[7.99.18] ipfilter

To: port-sparc64%netbsd.org@localhost
Subject: [7.99.18] ipfilter
From: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Date: Sun, 19 Jul 2015 14:28:59 +0200

	Hello,

	I'm not sure it's a sparc64 specific issue. Maybe I have done a mistake.

I use a blade2000 as a router. WAN is connected to gem0 by a WIMAXmodem. LAN's are connected to hme[0-3].

All but 2222/TCP (ssh) are closed from WAN. Thus, I have written in/etc/ipf.conf :


pass in from any to any
pass out from any to any
block in log on gem0 proto tcp \
	from any to any port = 2222
pass in log on gem0 proto tcp \
	from rayleigh.systella.fr to any port = 2222
pass in log on gem0 proto tcp \
	from newton.systella.fr to any port = 2222
pass in on hme0 to tap0:192.168.1.1 proto tcp \
        from 192.168.10.250 port = 80 to any

If I understand, all connections to 2222/TCP are blocked when theydon't come from rayleigh and newton. But I see on console that some IPv4(mainly from China) try to connect to my server on 2222/TCP port.


	Where is my mistake ?

	Best regards,

	JKB

Follow-Ups:
- Re: [7.99.18] ipfilter
  - From: Christos Zoulas

Prev by Date: Re: [7.99.20] Build error
Next by Date: Re: [7.99.20] Build error
Previous by Thread: [7.99.20] Build error
Next by Thread: Re: [7.99.18] ipfilter
Indexes:

Home | Main Index | Thread Index | Old Index